Channels

Services

Ruby 1.9.3 update fixes RubyGems security problem - Update

The Ruby development team has published an update to the 1.9.3 series of its open source programming language to fix a vulnerability found in the RubyGems package management framework.

The maintenance release of the scripting language, labelled 1.9.3-p194, updates RubyGems to close a security hole that caused SSL server verification to fail for remote repositories. This has been addressed by disallowing redirects from https to http connections and by enabling the verification of server SSL certificates in an updated version of RubyGems, 1.8.23; more details on these issues are provided in the latest RubyGems History file. The developers encourage those who use https source in .gemrc or /etc/gemrc to upgrade as soon as possible.